On Tue, Oct 16, 2007 at 09:17:40PM -0700, Casey Schaufler wrote:
At random:
> +static int smack_netlabel(struct sock *sk)
> +{
> + static int initialized;
> + struct socket_smack *ssp = sk->sk_security;
> + struct netlbl_lsm_secattr secattr;
> + int rc = 0;
> +
> + if (!initialized) {
> + smk_cipso_doi();
> + initialized = 1;
> + }
And just what happens if another task calls the same while we are
blocked on allocation in smk_cipso_doi()?
Another problem is your handling of smk_known - you add to head under
mutex; fine. However, you read without one _and_ have no barriers
in initializing new list entries.
Think what happens if CPU1 adds to list and CPU2 sees write to smk_known
*before* it sees write to ->smk_next. We see a single-element list and
we'll be lucky if that single entry won't be FUBAR.
-
To unsubscribe from this list: send the line "unsubscribe
linux-security-module" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
